4b43b418cc2c257ee1a085717553339c64d978638bc0c4dd9efd273fd4d7fee4

Analysis

max time kernel
15s
max time network
17s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2023, 11:57

Target

orangeware_cracked_by_oiishi.exe
Size

866KB
MD5

1cd0b877271c3461cbdb9bb1ada43d6a
SHA1

6c64aa94868857d2d0c642af97cf0f02955ac5f6
SHA256

4b43b418cc2c257ee1a085717553339c64d978638bc0c4dd9efd273fd4d7fee4
SHA512

b9c1756bee3f0cf322dd1c4b7a2634bf12d14174cd46c01fd7b1bf437665bea44a3629f7e344dc345183e7f527b7af72affe6bf6ddbc7fb80859d4b691f03612
SSDEEP

24576:Hx1unIUgDeafVxB+l3EQAZa4nMLi1Tod:RII8G7+5W9nM2u

Score

1^/10

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4124 wrote to memory of 5044	4124	orangeware_cracked_by_oiishi.exe	87
PID 4124 wrote to memory of 5044	4124	orangeware_cracked_by_oiishi.exe	87
PID 5044 wrote to memory of 3080	5044	cmd.exe	88
PID 5044 wrote to memory of 3080	5044	cmd.exe	88
PID 5044 wrote to memory of 4816	5044	cmd.exe	89
PID 5044 wrote to memory of 4816	5044	cmd.exe	89
PID 5044 wrote to memory of 4932	5044	cmd.exe	90
PID 5044 wrote to memory of 4932	5044	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\orangeware_cracked_by_oiishi.exe
"C:\Users\Admin\AppData\Local\Temp\orangeware_cracked_by_oiishi.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\orangeware_cracked_by_oiishi.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5044
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\orangeware_cracked_by_oiishi.exe" MD5
    3⤵
    PID:3080
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:4816
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:4932

memory/4124-133-0x0000018FD3AB0000-0x0000018FD3AB1000-memory.dmp

Filesize
4KB

Download
memory/4124-134-0x0000018FD3AB0000-0x0000018FD3AB1000-memory.dmp

Filesize
4KB

Download
memory/4124-135-0x0000018FD3AB0000-0x0000018FD3AB1000-memory.dmp

Filesize
4KB

Download
memory/4124-136-0x0000018FD3AB0000-0x0000018FD3AB1000-memory.dmp

Filesize
4KB

Download
memory/4124-137-0x0000018FD3AB0000-0x0000018FD3AB1000-memory.dmp

Filesize
4KB

Download
memory/4124-138-0x0000018FD3AB0000-0x0000018FD3AB1000-memory.dmp

Filesize
4KB

Download
memory/4124-139-0x0000018FD3AB0000-0x0000018FD3AB1000-memory.dmp

Filesize
4KB

Download
memory/4124-140-0x0000018FD3AB0000-0x0000018FD3AB1000-memory.dmp

Filesize
4KB

Download
memory/4124-141-0x0000018FD3AB0000-0x0000018FD3AB1000-memory.dmp

Filesize
4KB

Download
memory/4124-142-0x0000018FD3AB0000-0x0000018FD3AB1000-memory.dmp

Filesize
4KB

Download
memory/4124-143-0x0000018FD3AB0000-0x0000018FD3AB1000-memory.dmp

Filesize
4KB

Download
memory/4124-144-0x0000018FD3AB0000-0x0000018FD3AB1000-memory.dmp

Filesize
4KB

Download
memory/4124-145-0x0000018FD3AB0000-0x0000018FD3AB1000-memory.dmp

Filesize
4KB

Download
memory/4124-146-0x0000018FD3B90000-0x0000018FD3B91000-memory.dmp

Filesize
4KB

Download